Trend Micro Virus Alert - WORM_WURMARK.J

Discussion in 'malware problems & news' started by Randy_Bell, May 11, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Dear Trend Micro customer,

    As of May 11, 2005 4:30 AM (Pacific Daylight Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_WURMARK.J. TrendLabs has received several infection reports indicating that this malware is spreading in France, India, Taiwan, and Singapore.

    This memory-resident worm propagates via email messages. Upon execution, it drops a copy of itself in the Windows system folder using a random file name.

    It also drops a randomly named (Dynamic Link Library) DLL file in the Windows system folder, which is a component of IESpy, a spyware program.

    This worm has a keylogging capability. It saves the logs typed by the user in a dropped random DLL file.

    It drops several .ZIP files in the Windows system folder as email attachments.

    This worm propagates by sending a copy of itself via email. The email message contains the following details:

    Subject: (any of the following)
    -details
    -girls
    -image
    -love
    -message
    -music
    -news
    -photo
    -pic
    -readme
    -resume
    -screensaver
    -song
    -video

    Attachment: (any of the following file names)
    -details.zip
    -girls.zip
    -image.zip
    -love.zip
    -message.zip
    -music.zip
    -news.zip
    -photo.zip
    -pic.zip
    -readme.zip
    -resume.zip
    -screensaver.zip
    -song.zip
    -video.zip

    TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy - 174 (uploaded)
    Official Pattern Release - 2.625.00
    Damage Cleanup Template - 596

    For more information on WORM_WURMARK.J, you can visit our Web site at:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WURMARK.J
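
The subject and attachment lists in the alert above can be turned into a mail-triage check. This is an added example, not part of the original thread or of Trend Micro's alert; the function names, the constructed sample messages and the rule of requiring both a listed subject and a listed .zip name are assumptions made here.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Words from the alert: each is a possible subject and, with ".zip", an attachment.
WURMARK_WORDS = {
    "details", "girls", "image", "love", "message", "music", "news",
    "photo", "pic", "readme", "resume", "screensaver", "song", "video",
}

def attachment_names(msg):
    """Lower-cased filenames of every MIME part that declares one."""
    return [p.get_filename().strip().lower() for p in msg.walk() if p.get_filename()]

def matches_wurmark_j(raw_message):
    """True when the subject AND a .zip attachment name are both on the lists.

    Requiring both is an assumption of this example: words such as "news"
    or "resume" are common in legitimate mail, so neither is flagged alone.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject not in WURMARK_WORDS:
        return False
    for name in attachment_names(msg):
        stem, _, ext = name.rpartition(".")
        if ext == "zip" and stem in WURMARK_WORDS:
            return True
    return False

def build_sample(subject, filename):
    """Constructed test message with an empty ZIP archive attached."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content("see attached")
    empty_zip = b"PK\x05\x06" + bytes(18)  # end-of-central-directory record only
    m.add_attachment(empty_zip, maintype="application", subtype="zip", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fname in [("photo", "photo.zip"), ("Love", "MUSIC.ZIP"),
                        ("news", "report.pdf"), ("Quarterly news", "news.zip")]:
        print(f"{subj!r:18} {fname!r:14} -> {matches_wurmark_j(build_sample(subj, fname))}")
```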
     
  2. Randy_Bell

    Sophos writeup on this worm: W32/Wurmark-J
     
  3. Randy_Bell

    Symantec's writeup on this worm: W32.Lanieca.A@mm
    Tech Details: http://securityresponse.symantec.com/avcenter/venc/data/w32.lanieca.a@mm.html#technicaldetails
     